LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: ICANN Thumbs Its Nose at National Data Protection Authorities - Refuses to Comply with Privacy Laws Protecting Citizens
From:	"Andrew A. Adams" <[log in to unmask]>
Reply To:	Andrew A. Adams
Date:	Tue, 16 Jul 2013 09:52:25 +0900
Content-Type:	text/plain
Parts/Attachments:	text/plain (58 lines)

Milton wrote:
> Is there any way that EPIC or other privacy organizations with
> litigation experience can advise us on or European colleagues on how
> to sue ICANN to show that it does have legal effect?

There is no way really to premptively bring this to a court. If ICANN does 
not regard the Art 29 WP as a suitable authority, then it may also not 
recognise the individual regulators as competent authorities. In its current 
form, i.e. the data protection directive, it is up to individual member 
states to set up appropriate legislation in each country to implement the 
directive. (As a side-note the proposed new regulation is much simpler in 
that regulations pretty much get direct effect in member states.) We'd have 
to know what ICANN would regard as sufficient legal authority. Perhaps they 
would regard individual rulings by each regulator as having sufficient effect 
(since this appears to have been a unanimous decision by the ART29WP which 
includes representatives of all the regulators as well as some other 
advisors, that actually should be feasible). However, ICANN could just as 
easily then turn around and say that this is still not sufficient, in which 
case we'd have to wait for:

An EU-based registrar to comply with thick whois, and make the information 
available as per the ICANN rules;
someone subject to that registry to make a complaint to the regulator in 
their country; OR for the relevant DPA to intervene on their own recognisance 
to order the registrar to stop such activity;
the registrar to appeal to the relevant tribunal or court;
the relevant tribunal or court to rule that the data protection authority is 
correct;
further appeals up the chain to the member state top court, and for them to 
refer the matter to the ECJ (European Court of Justice) for an EU-level 
opinion binding on all EU jurisdictions.

THat would take, on conservative estimates, about five years to complete. In 
the meantime all registrars in EU member states would be caught between the 
rock of ICANN rules and the hard place of their own regulators' 
interpretations of EU rules.

Plus, in the meantime, the new EU DP Regulations will probably become EU law 
this year or next. Luckily for us, this wouldn't then have any further delay 
in transposition into member states laws.

We need to know whether ICANN would regard individual statements from 
relevant DPAs in the various EU member states would be regarded as 
sufficient, or whether they would push registrars into the ridiculous 
position of having to ignore the advice of their DP authority (which opens 
them to significant fines in many cases) or ICANN's rules (which runs the 
risk of them beign suspended by their registry IIRC).

-- 
Professor Andrew A Adams                      [log in to unmask]
Professor at Graduate School of Business Administration,  and
Deputy Director of the Centre for Business Information Ethics
Meiji University, Tokyo, Japan       http://www.a-cubed.info/

ATOM RSS1 RSS2

LISTSERV.SYR.EDU